Primary DNS failed to respond to a UDP connection

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue.
The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime.
For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]

Topic Last Modified: 2007-03-16

The Microsoft Exchange Analyzer tool queries the Win32_NetworkAdapterConfiguration Microsoft Windows Management Instrumentation (WMI) class to obtain the DNSServerSearchOrder attribute. This attribute is an array of server IP addresses to be used in querying for DNS servers.

After retrieving the address of the primary Domain Name System (DNS) server, the Exchange Analyzer attempts a DNS query against the configured DNS servers for each Active Directory directory service server. This connection is made by using a custom object processor that performs a User Datagram Protocol (UDP) name resolution request and analyzes the results.

If the UDP name resolution request fails, the Exchange Analyzer displays a warning.

This warning indicates that the primary DNS server may be configured to accept only TCP queries.

Simple Mail Transfer Protocol (SMTP) is the native mail protocol for mail submission and mail transport for Exchange Server. This means that clients use SMTP to send messages and Exchange servers use SMTP to deliver messages and message data.

For Exchange Server to deliver an outbound Internet message through the SMTP service, DNS is used as follows:

An internal user sends a message to a recipient in a remote domain.

To determine whether the recipient is local or remote, the SMTP virtual server on the sender's Exchange server uses internal transport functions to query the global catalog server for the recipient address. If the recipient address on the message is not in a recipient policy, it is not stored in Active Directory. Therefore, Exchange determines that the message is destined for a remote domain.

If it is necessary, the Exchange server delivers the message to the appropriate SMTP virtual server.

The SMTP virtual server uses its IIS metabase information to determine the method for delivering a message to a remote domain.

The SMTP virtual server on the Exchange server then performs one of two actions:

Uses DNS to look up the IP address for the target domain, and then tries to deliver the message.

Forwards the message to a smart host that assumes responsibility for the DNS resolution and delivery of the message.

By default, DNS servers listen on UDP port 53 for communications such as name resolution queries.

If the SMTP services on the Exchange server are configured to send only UDP queries and the primary DNS server is configured to accept only TCP queries, mail routing failures can occur that may adversely affect mail flow performance.

To address this warning, do the following:

Make sure that the DNS server has been started and that it is connected to the network.

Verify that a network firewall or packet filter is not intentionally blocking well-known DNS ports such as UDP port 53.

Verify that the primary DNS server is configured to support UDP name resolution queries.
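
The checks above can be run by hand with the following probe, an added example that is not part of the original topic or of the Exchange Analyzer's own code. It sends one A query to a DNS server over UDP and again over TCP and classifies the outcome; the function names and result labels are assumptions made for this example, and the server argument is an address taken from DNSServerSearchOrder.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction ID; acceptable for a one-shot diagnostic

def build_query(name, qtype=1):
    """Minimal DNS query: RD flag set, one question, class IN (qtype 1 = A)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", TXID, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def parse_header(reply):
    """Return (rcode, truncated); raise ValueError if this is not our response."""
    if len(reply) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags = struct.unpack(">HH", reply[:4])
    if rid != TXID or not flags & 0x8000:  # ID mismatch or QR bit clear
        raise ValueError("not a response to our query")
    return flags & 0x000F, bool(flags & 0x0200)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def query(server, name, transport, port=53, timeout=3.0):
    """One query over 'udp' or 'tcp'; (rcode, truncated), or None if no valid reply."""
    msg = build_query(name)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.connect((server, port))  # accept replies from this server only
                s.send(msg)
                return parse_header(s.recv(4096))
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack(">H", len(msg)) + msg)  # TCP adds a 2-byte length prefix
            (length,) = struct.unpack(">H", _recv_exact(s, 2))
            return parse_header(_recv_exact(s, length))
    except (OSError, ValueError):  # timeout, refused, unreachable, malformed reply
        return None

def classify(udp, tcp):
    """Map the two probe results onto the conditions the warning describes."""
    if udp is not None:
        return "udp-ok"
    return "tcp-only" if tcp is not None else "unreachable"
```

Call classify(query(server, name, "udp"), query(server, name, "tcp")) from the Exchange server itself so the probe crosses the same firewalls and packet filters as the SMTP service. Because UDP is lossy, repeat the probe before treating a single "tcp-only" result as a configuration problem.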

For more information about DNS and Exchange Server, see the following Microsoft Knowledge Base articles and WebCast: